Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1049168?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1049168?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2", "type": "deb", "namespace": "debian", "name": "consul", "version": "1.8.7+dfsg1-2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52936?format=api", "vulnerability_id": "VCID-2dmf-rj8w-xycm", "summary": "Denial of Service (DoS) in HashiCorp Consul\nHashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.\n### Specific Go Packages Affected\ngithub.com/hashicorp/consul/agent/consul/discoverychain", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70341", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.7028", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70304", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70289", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70276", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70317", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70326", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70308", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70361", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70369", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70367", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70212", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70225", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70242", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70219", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70265", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12758" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc" }, { "reference_url": "https://github.com/hashicorp/consul/pull/7783", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/7783" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12758", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12758" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049168?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2" } ], "aliases": [ "CVE-2020-12758", "GHSA-q2qr-3c2p-9235" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dmf-rj8w-xycm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32325?format=api", "vulnerability_id": "VCID-467g-8bds-t3ef", "summary": "HashiCorp Consul Incorrect Access Control vulnerability\nHashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.\n\n### Specific Go Packages Affected\ngithub.com/hashicorp/consul/acl", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61932", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61946", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61963", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61984", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61973", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61953", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61995", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61999", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.6198", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61978", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61987", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61822", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61895", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61926", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61897", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12291" }, { "reference_url": "https://github.com/hashicorp/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul" }, { "reference_url": "https://github.com/hashicorp/consul/commit/36ebca1fd0129278487c6570449bc8cc03987890", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/36ebca1fd0129278487c6570449bc8cc03987890" }, { "reference_url": "https://github.com/hashicorp/consul/issues/5888", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/issues/5888" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12291", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12291" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049168?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2" } ], "aliases": [ "CVE-2019-12291", "GHSA-h65h-v7fw-4p38" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-467g-8bds-t3ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46380?format=api", "vulnerability_id": "VCID-cqzz-az3e-kych", "summary": "Improper Input Validation in HashiCorp Consul\nHashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.\n### Specific Go Packages Affected\ngithub.com/hashicorp/consul/agent", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66603", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66564", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66578", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66597", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66585", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66553", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66588", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66606", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66589", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66613", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66628", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.6648", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66519", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66544", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66515", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13170" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216" }, { "reference_url": "https://github.com/hashicorp/consul/pull/8068", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/8068" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13170", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13170" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049168?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2" } ], "aliases": [ "CVE-2020-13170", "GHSA-p2j5-3f4c-224r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqzz-az3e-kych" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51526?format=api", "vulnerability_id": "VCID-ftvt-9nb3-xue3", "summary": "Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25864.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25864.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.9928", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99277", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99276", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99275", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99273", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99274", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.84021", "scoring_system": "epss", "scoring_elements": "0.99298", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.84021", "scoring_system": "epss", "scoring_elements": "0.99301", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.84021", "scoring_system": "epss", "scoring_elements": "0.99304", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.84021", "scoring_system": "epss", "scoring_elements": "0.99305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.84021", "scoring_system": "epss", "scoring_elements": "0.99306", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25864" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368" }, { "reference_url": "https://github.com/hashicorp/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25864", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25864" }, { "reference_url": "https://security.gentoo.org/glsa/202208-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-09" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950275", "reference_id": "1950275", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950275" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987351", "reference_id": "987351", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987351" }, { "reference_url": "https://security.archlinux.org/AVG-1829", "reference_id": "AVG-1829", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1829" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049168?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2" } ], "aliases": [ "CVE-2020-25864", "GHSA-8xmx-h8rq-h94j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftvt-9nb3-xue3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46878?format=api", "vulnerability_id": "VCID-gkgb-5g8x-7fgf", "summary": "Denial of Service (DoS) in HashiCorp Consul\nHashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.\n\n### Specific Go Packages Affected\ngithub.com/hashicorp/consul/agent/consul", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7219.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7219.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78489", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78424", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78423", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78418", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78452", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.7846", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78475", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78341", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78347", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78378", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78362", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78388", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78394", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.7842", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78403", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78395", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7219" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7219" }, { "reference_url": "https://github.com/hashicorp/consul/issues/7159", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/issues/7159" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7219", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7219" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805866", "reference_id": "1805866", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805866" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736", "reference_id": "950736", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049168?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2" } ], "aliases": [ "CVE-2020-7219", "GHSA-23jv-v6qj-3fhh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkgb-5g8x-7fgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14168?format=api", "vulnerability_id": "VCID-gsqu-g2y4-a7ap", "summary": "Privilege Escalation in HashiCorp Consul\nHashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.48949", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49068", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49021", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49075", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49071", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49088", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.4906", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49067", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49112", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49109", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49077", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49063", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49073", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49029", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49004", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49039", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053" }, { "reference_url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020" }, { "reference_url": "https://github.com/hashicorp/consul/commit/ff5215d882ac51b49c2647aac46b42aa9c890ce3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/ff5215d882ac51b49c2647aac46b42aa9c890ce3" }, { "reference_url": "https://github.com/hashicorp/consul/pull/9240", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/9240" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28053", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28053" }, { "reference_url": "https://security.gentoo.org/glsa/202208-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-09" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975584", "reference_id": "975584", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975584" }, { "reference_url": "https://security.archlinux.org/AVG-1294", "reference_id": "AVG-1294", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1294" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049168?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2" } ], "aliases": [ "CVE-2020-28053", "GHSA-6m72-467w-94rh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsqu-g2y4-a7ap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46511?format=api", "vulnerability_id": "VCID-jm2d-ejbf-qfhz", "summary": "Allocation of Resources Without Limits or Throttling in Hashicorp Consul\nHashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service.\n\n### Specific Go Packages Affected\ngithub.com/hashicorp/consul/agent/config\n\n### Fix\nThe vulnerability is fixed in versions 1.6.6 and 1.7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75241", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75119", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75153", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75165", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75187", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.7519", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75197", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75186", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75224", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75228", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75231", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75109", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75112", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75142", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13250" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432" }, { "reference_url": "https://github.com/hashicorp/consul/pull/8023", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/8023" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13250", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13250" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049168?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2" } ], "aliases": [ "CVE-2020-13250", "GHSA-rqjq-mrgx-85hp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jm2d-ejbf-qfhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14476?format=api", "vulnerability_id": "VCID-mv9z-hxmr-skfp", "summary": "Denial of service in HashiCorp Consul\nHashiCorp Consul Enterprise versions 1.7.0 up to 1.7.8 and 1.8.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.8147", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81347", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81346", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81374", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81379", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81401", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81388", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.8138", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81417", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81419", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81441", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81448", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81453", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81316", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81325", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201" }, { "reference_url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020" }, { "reference_url": "https://github.com/hashicorp/consul/pull/9024", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/9024" }, { "reference_url": "https://github.com/hashicorp/consul/releases/tag/v1.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/releases/tag/v1.8.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25201", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25201" }, { "reference_url": "https://security.gentoo.org/glsa/202208-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-09" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973892", "reference_id": "973892", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973892" }, { "reference_url": "https://security.archlinux.org/AVG-1295", "reference_id": "AVG-1295", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1295" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049168?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2" } ], "aliases": [ "CVE-2020-25201", "GHSA-496g-fr33-whrf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mv9z-hxmr-skfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54347?format=api", "vulnerability_id": "VCID-pet2-hhx7-g7fc", "summary": "HashiCorp Consul can use cleartext agent-to-agent RPC communication\nHashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the `verify_outgoing` setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62428", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62421", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62438", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62457", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62447", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62425", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62469", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62476", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6246", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62486", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62483", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62319", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62377", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62407", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62372", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19653" }, { "reference_url": "https://github.com/hashicorp/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul" }, { "reference_url": "https://github.com/hashicorp/consul/commit/b64e8b262f80397eab4f39c6ae7e14683cb9f55c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/b64e8b262f80397eab4f39c6ae7e14683cb9f55c" }, { "reference_url": "https://github.com/hashicorp/consul/pull/5069", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/5069" }, { "reference_url": "https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19653", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19653" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049168?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2" } ], "aliases": [ "CVE-2018-19653", "GHSA-4qvx-qq5w-695p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pet2-hhx7-g7fc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46194?format=api", "vulnerability_id": "VCID-th2f-96u1-syhg", "summary": "Incorrect Permission Assignment for Critical Resource\tin Hashicorp Consul\nHashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.\n### Specific Go Packages Affected\ngithub.com/hashicorp/consul/agent/structs", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61119", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61095", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61143", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61158", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61178", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61165", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61146", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61186", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61192", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61173", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61162", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61177", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.6117", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61023", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61129", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12797" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/commit/98eea08d3ba1b220a14cf6eedf3b6b07ae2795d7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/98eea08d3ba1b220a14cf6eedf3b6b07ae2795d7" }, { "reference_url": "https://github.com/hashicorp/consul/issues/5606", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/issues/5606" }, { "reference_url": "https://github.com/hashicorp/consul/pull/8047", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/8047" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12797", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12797" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049168?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2" } ], "aliases": [ "CVE-2020-12797", "GHSA-hwqm-x785-qh8p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-th2f-96u1-syhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43266?format=api", "vulnerability_id": "VCID-xzyq-wm1j-dkcu", "summary": "Incorrect Authorization in HashiCorp Consul\nHashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7955.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7955.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.55961", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56114", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56116", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56087", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56013", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56033", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56009", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.55942", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56053", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56074", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56052", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56104", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56108", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56119", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56096", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56079", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7955" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7955", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7955" }, { "reference_url": "https://github.com/hashicorp/consul/issues/7160", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/issues/7160" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7955", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7955" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805875", "reference_id": "1805875", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805875" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736", "reference_id": "950736", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049168?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2" } ], "aliases": [ "CVE-2020-7955", "GHSA-r9w6-rhh9-7v53" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xzyq-wm1j-dkcu" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2" }